iPhone: How to fix a cheat based on changing the device's date? Is there a server I can get the time from?

Adam picture Adam · Jan 11, 2011 · Viewed 10.9k times · Source

I have an iPhone game that dispenses in-game currency over time, and someone discovered that you can change the date on your device to get rewards early.

I found out there was a similar issue in Smurf Village, and they detect the tampering somehow. Does anyone know how they do it? The only thing I can think of is getting the time from an outside server, which would require devices to be online, but it's better than nothing I guess... does anyone know where I can find a server that just tells you the time?

Answer

Kendall Helmstetter Gelner picture Kendall Helmstetter Gelner · Jan 11, 2011

You can use an NTP server that tells you the time.

Right until someone uses a proxy server to figure out what NTP server you are trying to connect to, and then spoofs the NTP response... as others have mentioned, the response is easy to parse, and thus easy to forge.

A better solution would be to use something like Google App Engine (free), to send your app some kind of encrypted response that would boil down to the server time. If the client time deviated from that by too much, the app would simply use the server time for calculations. Then even if they intercept the request they will not easily be able to send back the correct response.

But basically in any networked game, you must always assume the client is lying. The only real way to prevent issues is to have everything go through a server, so a client cannot decide it's suddenly rich and have any other client agree it is so...